[CentOS] Replace NIS by Active Directory
John Hodrien
J.H.Hodrien at leeds.ac.uk
Fri Mar 18 12:42:15 UTC 2011
On Fri, 18 Mar 2011, MOKRANI Rachid wrote:
> Hi,
>
> I'm looking a wiki or share experience for replace NIS authentication by
> an existing Active directory Server (W2003). The problem is on the
> management of id and gid.
>
> How to move 1000 actual NIS users to AD ?
Create matching accounts in AD. This is standard Active Directory stuff,
there really aren't any gotchas I can think of.
> How to keep the same id and gid for this 1000 users ?
Make sure the SFU attributes have the correct values. You can do all this
through LDAP as far as I know. Alternatively remap all your UIDs/GIDs and
switch to a RID mapping scheme instead. You need to think about how you're
planning on working in the future.
> What's happen with nfs linux server and acess with gid and/id ?
It works exactly the same as it does now.
> Use the same user/password for linux and Windows clients
> authentification?
Feel free to use windbind or pam_krb5 for authentication, both easy to setup.
You'll need nss_ldap with pam_krb5, but winbind can do the whole bag.
> Does someone has already successfully replace NIS by Ad authentification
> with freeware solution ?
Probably the easiest it to use winbind, but we use nss_ldap and pam_krb5.
There's plenty of documentation on how to do this out there.
jh
More information about the CentOS
mailing list